Tasty Spam: iMessage Spam Pushing Fake Designer Sites

It appears someone got ahold of many iCloud accounts and pushed out spam via iMessage peddling links to discount sale websites for several designer brands such as Oakley, Ray-Ban, and Michael Kors, Cloudmark found.


In July, the second most prolific form of mobile spam in the United States came from an unlikely source: Apple's iMessage.

It appears someone got ahold of many iCloud accounts and pushed out spam via iMessage peddling links to discount sale websites for several designer brands such as Oakley, Ray-Ban, and Michael Kors, said Tom Landesman, a security researcher at Cloudmark. Nearly two-thirds of the messages had links pointing to fake Oakley sites. These sites could be linked back to China-based domains.

The iMessage app provides over-the-top messaging, which lets users bypass standard SMS and send text messages using data. Ostensibly an iOS app, iMessage can be used by any Apple device, including MacBooks and iMacs, to send messages for free. In this case, anyone with a lot of iCloud accounts at his or her disposal could cheaply send out spam using iMessage, Landesman said.

This iMessage spam accounted for 28 percent of all mobile messages reported in July and was the second most prolific form of mobile spam that month, Cloudmark found. The most prolific was the Win Free Stuff campaign we've discussed previously.

Lists of iPhone Numbers

The "read receipts" feature in iMessage notifies the sender that the recipient has read the message, and when. Spammers using iMessage could therefore use the feature to build a massive list of valid phone numbers for iPhones, Cloudmark said. "This list would be a hot sell on the underground market for other spammers (or malicious attackers) looking to explicitly target the iOS platform with 100 percent accuracy," Landesman said.

Users can disable read receipts in iMessage by going into Settings on their iPhones or iPads. The slider to turn off "Send Read Receipts" is located under the "Messages" option.

Using Hacked Accounts

Up to 60 percent of the spam iMessage texts sent during May and June were sent by Apple IDs with Chinese domains. That changed in July, as nearly 62 percent were sent by Apple IDs with Hotmail email addresses, Cloudmark found. The attacker didn't mass register accounts, but was most likely using Apple ID or Hotmail accounts that had been compromised, Landesman said.

Interestingly enough, the campaign was spread out across most major U.S. cities and not localized to a specific city, as is often the case with mobile spam. The spread of recipients was also proportionate to each city's population, "which is to be expected given a set of random phone numbers," Landesman said.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.